Spotted over on HN:
The mysterious case of the Linux Page Table Isolation patches (archive)
tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.
Turns out 2018 might be more interesting than first thought. So grab some popcorn and keep those systems patched!
(Score: 0) by Anonymous Coward on Tuesday January 02 2018, @08:14AM (1 child)
Which modules? ECC and double refresh are ineffective mitigation. [futureplus.com]
(Score: 0) by Anonymous Coward on Tuesday January 02 2018, @05:23PM
For example, https://www.skhynix.com/products.do?lang=eng&ct1=36&ct2=37&rc=com [skhynix.com] But you really need to check the specs yourself for now and test yourself. Some manufacturers leave it disabled (as it is optional) in LPDDR4 and others tack it on DDR4. Also, some implementations, like Micron's, have been shown to have limits that are too high or to not properly implement TRR and MAC.